What is the first action to take when a device is suspected of being infected with malware?

When a device is suspected of being infected with malware, the first action to take is to disconnect the device from the network. This is crucial because malware can spread quickly across connected devices and networks, potentially compromising sensitive data or causing additional harm. By isolating the device, you prevent the malware from communicating with external servers, spreading to other devices, or causing further damage.

Taking this precaution allows you to contain the incident while you assess and address the threat without risking the security of other systems within the network. After disconnecting, other actions such as running a virus scan or updating antivirus software can be performed to identify and remove the malware, but the initial step of disconnection is essential for minimizing the potential impact of the infection.